Dot1xApp Service

This chapter describes the DCNM web services' API methods for the Dot1xApp service.

Information About Dot1xApp Service

IEEE 802.1X defines the framework for port-based network access control. 802.1X uses the physical characteristics of the device to authenticate and authorize devices attached to a switch port, and prevents access to that port when authentication and authorization fail. The API categories are as follows:

•Query/Get APIs—Query data from the persistent database.

•Modify APIs—Modify existing Dot1x interface and global settings.

•Enable and Disable APIs—Enable and disable Dot1x in the device.

disableDot1x

Disables dot1x authentication on one or more network elements. This API disables the system-auth-control option globally on the device.

ValidationException is thrown if any of the following situations occurs:

•If neInstanceNameIdCol is null or empty or it is not of type InstanceNameId.

•If dot1xNetworkInterfaceInstanceNameIdCol is not a valid InstanceNameId of AbstractNetworkElement objects.

Parameters

opContext—Operational context

neInstanceNameIdCol—InstanceNameId of one or more dot1x enabled network elements.

Return Value

void

disableDot1xInInterfaces

Disables the dot1x settings for one or more interfaces. Given the InstanceNameId of one or more dot1x enabled interfaces, it disables dot1x in the corresponding interfaces.

ValidationException is thrown if any of the following situations occurs:

•If dot1xNetworkInterfaceInstanceNameIdCol is null or empty or it is not of type InstanceNameId.

•If dot1xNetworkInterfaceInstanceNameIdCol is not a valid InstanceNameId of Dot1xNetworkInterfaceSetting object.

Parameters

opContext—Operational context

dot1xNetworkInterfaceInstanceNameIdCol—InstanceNameId of one or more NetworkInterface objects.

Return Value

void

disableDot1xService

Disables dot1x authentication on one or more network elements. This API disables the dot1x service globally on the device.

ValidationException is thrown if any of the following situations occurs:

•If neInstanceNameIdCol is null or empty or it is not of type InstanceNameId.

•If neInstanceNameIdCol is not a valid AbstractNetworkElement InstanceNameId.

Parameters

opContext—Operational context

neInstanceNameIdCol—InstanceNameId of one or more dot1x enabled network elements.

Return Value

void

enableDot1x

Enables dot1x authentication on one or more network elements. Given the instance name ID of one or more network elements, dot1x will be enabled on those elements. This API enables the system-auth-control option globally on the device.

ValidationException is thrown if any of the following situations occurs:

•If neInstanceNameIdCol is null or empty or it is not of type InstanceNameId.

•If dot1xNetworkInterfaceInstanceNameIdCol is not a valid InstanceNameId of AbstractNetworkElement.

IntegrityException is thrown if any of the following situations occurs:

•If any one of the NetworkInterface objects has one of the following features enabled as well as dot1x configured:

enableDot1xInInterfaces

Enables the dot1x settings for one or more interfaces. Given the InstanceNameId of one or more dot1x enabled interfaces, returns the corresponding dot1x interface settings objects.

ValidationException is thrown if any of the following situations occurs:

•If dot1xNetworkInterfaceInstanceNameIdCol is null or empty or it is not of type InstanceNameId.

•If dot1xNetworkInterfaceInstanceNameIdCol is not a valid InstanceNameId of Dot1xNetworkInterfaceSetting object.

Parameters

opContext—Operational context

dot1xNetworkInterfaceInstanceNameIdCol—InstanceNameId of one or more NetworkInterface objects.

Return Value

A collection of Dot1xNetworkInterfaceSetting objects whose port control is set to force-authorized. The returned objects will have their corresponding NetworkInterface reference. However, if that NetworkInterface has any other associations, those will be cleared.

enableDot1xService

Enables dot1x authentication on one or more network elements. Given the instance name ID of one or more network elements, dot1x will be enabled on those elements. This API enables the dot1x service option globally on the device.

ValidationException is thrown if any of the following situations occurs:

•If neInstanceNameIdCol is null or empty or it is not of type InstanceNameId.

•If neInstanceNameIdCol is not a valid AbstractNetworkElement InstanceNameId.

Parameters

opContext—Operational context

neInstanceNameIdCol—List of InstanceNameId of dot1x disabled devices.

Return Value

void

getDot1xConflictingPorts

If the platform type is a Catalyst 6500 series switch, returns the list of network interface objects that have been configured with dot1x, whose port control is not Force_Authorized, and for which one of the following is true:

•NetworkInterface is a span destination interface.

•NetworkInterface is a Port Security Enabled interface.

•NetworkInterface is a Voice VLAN Enabled Interface.

•NetworkInterface is of type TRUNK.

ValidationException is thrown if any of the following situations occurs:

•If neInstanceNameId is null or it is not of type InstanceNameId.

If the platform type is a Nexus 7000 series switch, returns an empty collection.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of AbstractNetworkElement objects.

Return Value

A collection of NetworkInterface objects.

getDot1xGlobalSetting

Returns the device level dot1x settings for one or more network elements. Given the InstanceNameId of one or more network elements, returns the corresponding Dot1xGlobalSetting object for those network elements.

ValidationException is thrown if any of the following situations occurs:

•If neInstanceNameIdCol is null or empty or it is not of type InstanceNameId.

•If neInstanceNameIdCol is not a valid InstanceNameId of AbstractNetworkElement object.

Parameters

opContext—Operational context

neInstanceNameIdCol—InstanceNameId of one or more AbstractNetworkElement objects.

Return Value

A collection of Dot1xGlobalSetting objects.

getDot1xInterfacesSetting

Returns the dot1x settings for one or more interfaces. Given the InstanceNameId of one or more dot1x enabled interfaces, returns the corresponding dot1x interface settings objects.

ValidationException is thrown if any of the following situations occurs:

•If dot1xNetworkInterfaceInstanceNameIdCol is null or empty or it is not of type InstanceNameId.

•If dot1xNetworkInterfaceInstanceNameIdCol is not a valid InstanceNameId of Dot1xNetworkInterfaceSetting object.

Parameters

opContext—Operational context

dot1xNetworkInterfaceInstanceNameIdCol—InstanceNameId of one or more NetworkInterface objects.

Return Value

A collection of Dot1xNetworkInterfaceSetting objects whose port control is not force-authorized. The returned objects will have their corresponding NetworkInterface reference. However, if that NetworkInterface has any other associations, those will be cleared.

getDot1xNetworkInterfacesInNetworkElement

Returns the dot1x interface setting objects in a network element having the specified port control state.

ValidationException is thrown if any of the following situations occurs:

•If neInstanceNameId is null or it is not of type InstanceNameId.

•If neInstanceNameId is not a valid network element InstanceNameId.

In the PortControl state collection, the user can send one or more of the following dot1x port control states:

•Auto

•Force_Authorized

•Force_Unauthorized

•Disabled

For example:

•If the user passes the port control states Auto and Force_Authorized, this API returns all the dot1x interface setting objects whose PortControl attribute value is Auto or Force_Authorized.

•If the PortControl state collection is NULL, then it will return all the dot1x interfaces setting objects, irrespective of their PortControl state.

Note: Disabled means the interfaces on which dot1x cannot be enabled. The following are the interfaces on which dot1x cannot be enabled:

•All physical interfaces that are of type TRUNK

•All physical interfaces that are of type Private_VLAN

•All physical interfaces that are configured as SPAN destinations

•All logical interfaces

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the network element.

dot1xPortControlStateFilter—one or more Dot1xPortControl state enumerations.

Return Value

A collection of Dot1xNetworkInterfaceSetting objects. The returned objects will have their corresponding NetworkInterface reference. However, if that NetworkInterface has any other associations, those will be cleared.
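The following added example (not part of the DCNM documentation or client library) models, over locally held records, the port control filter described for getDot1xNetworkInterfacesInNetworkElement and the conflict rule described for getDot1xConflictingPorts. The IfSetting class, the function names and the sample interfaces are hypothetical; treating Disabled ports as not configured with dot1x and returning nothing for an empty filter are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, List, Optional

class PortControl(Enum):
    AUTO = "Auto"
    FORCE_AUTHORIZED = "Force_Authorized"
    FORCE_UNAUTHORIZED = "Force_Unauthorized"
    DISABLED = "Disabled"

@dataclass(frozen=True)
class IfSetting:
    """Hypothetical local stand-in for one Dot1xNetworkInterfaceSetting record."""
    name: str
    port_control: PortControl
    span_destination: bool = False
    port_security: bool = False
    voice_vlan: bool = False
    trunk: bool = False

def filter_by_port_control(settings: Iterable[IfSetting],
                           states: Optional[Iterable[PortControl]]) -> List[IfSetting]:
    """A None filter returns every setting; otherwise a setting matches if its
    state is any one of the requested states. The page does not define an
    empty (non-null) filter; this model returns nothing for it."""
    if states is None:
        return list(settings)
    wanted = set(states)
    return [s for s in settings if s.port_control in wanted]

def conflicting_ports(settings: Iterable[IfSetting]) -> List[IfSetting]:
    """Catalyst 6500 rule from the page: dot1x configured, port control not
    Force_Authorized, and a conflicting feature present. Assumption: a
    Disabled port cannot run dot1x, so it is not counted as configured."""
    skip = {PortControl.FORCE_AUTHORIZED, PortControl.DISABLED}
    return [s for s in settings if s.port_control not in skip
            and (s.span_destination or s.port_security or s.voice_vlan or s.trunk)]

def force_authorized_ports(settings: Iterable[IfSetting]) -> List[IfSetting]:
    """Force_Authorized ports grant access without running 802.1X
    authentication, so an access-control audit should list them."""
    return filter_by_port_control(settings, [PortControl.FORCE_AUTHORIZED])

# Constructed sample data, not output from a real device.
SAMPLE = [
    IfSetting("Gi1/1", PortControl.AUTO),
    IfSetting("Gi1/2", PortControl.AUTO, port_security=True),
    IfSetting("Gi1/3", PortControl.FORCE_AUTHORIZED, voice_vlan=True),
    IfSetting("Gi1/4", PortControl.FORCE_UNAUTHORIZED, span_destination=True),
    IfSetting("Gi1/5", PortControl.DISABLED, trunk=True),
]
```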

modifyDot1xGlobalSetting

Modifies device-level dot1x settings.

ValidationException is thrown if any of the following situations occurs:

•If neInstanceNameId is null or it is not a valid InstanceNameId of a network element.

•If Dot1xGlobalSetting is null or the object does not exist in the database.

IntegrityException is thrown if any of the following situations occurs:

•If any one of the NetworkInterface objects has one of the following features enabled as well as dot1x configured:

•NetworkInterface is a span destination interface.

•NetworkInterface is a Port Security Enabled interface.

•NetworkInterface is a Voice VLAN Enabled Interface.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the network element.

dot1xGlbSetting—Modified Dot1xGlobalSetting object.

Return Value

void

modifyDot1xNetworkInterfacesSetting

Modifies the dot1x settings for one or more interfaces.

ValidationException is thrown if any of the following situations occurs:

•If dot1xNetworkInterfaceSettingCol is null or empty or it is not of type Dot1xNetworkInterfaceSetting.